Under the Hood - What Reverse Proxy is your CDN using?

One of the most remarkable things about the CDN market in the 20 years since Akamai launched the first Content Delivery Network is how little attention has been paid to the technology these companies are built on. When you consider the function they serve, it is somewhat understandable. Your website is slow, you pay for a CDN and suddenly it is faster. You don’t really care how it works as long as you get the desired result.

Yet when you think about how important the reliable delivery of website content is to the survival of millions of businesses around the world, it is strange there hasn’t been more attention paid to understanding the technology responsible for making sure the content reaches a company’s customers as intended. What if your web application’s code conflicts with the software running on your CDN? Isn’t that something you’d like to know before deploying to production?

In our last post we reviewed the two main layers of a CDN, the DNS layer and the reverse proxy layer. If you consider the DNS layer and CDN PoPs the skeleton of a CDN, the reverse proxy layer is the real muscle behind a CDN. CDNs haven’t had any good reasons to lay out exactly how their reverse proxy technology works because the closer you look the easier it is to see how commoditized the market has become. Let’s take a quick tour under the hood of the most popular CDNs on the market today and look at which reverse proxies they use to improve their customer’s website performance and security.

Akamai: The grandfather of CDNs, Akamai was the first to market a network of reverse proxy servers to bring cached content closer to the end user. While Akamai technically uses customized reverse proxies, they are likely to be a variation of Squid for caching and ModSecurity for security.

Cloudflare: Cloudflare jumped into the CDN industry in 2009, bringing a free product option and good reputation for security to the market. To many, Cloudflare is synonymous with website security and like Akamai they built their security software on an older version of the ModSecurity reverse proxy which is now in NGINX. Their caching software is build on the NGINX reverse proxy.

Fastly: A relatively new CDN, Fastly uses an early version of Varnish Cache for its reverse proxy servers. As one of the first CDNs to use Varnish Cache, Fastly is well liked by developers. It does not, however, have a security reverse proxy.

Incapsula: Incapsula is a CDN that focuses on security and uses a version of ModSecurity to help stop malicious traffic and mitigate against DDOS attacks. Incapsula also offers caching but do not disclose if they use a modified open-source or proprietary reverse proxy.

MaxCDN: Like Fastly, MaxCDN uses a variation of an earlier version of Varnish Cache for the reverse proxies on their network. MaxCDN does not have a reverse proxy for security.

section.io: Currently, section.io offers Varnish Cache for performance and ModSecurity for security. section.io is unique in that it offers developers the choice of several versions of Varnish Cache. More proxy options will be added to the platform in the coming months, giving developers more choice and control over how their content is delivered and secured.